﻿<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

	<head>
		<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
		<title>Abp Session</title>
		<link type="text/css" rel="stylesheet" href="bootstrap.min.css" />
		<style type="text/css">
		</style>
	</head>

	<body>

		<div class="document-contents">

			<h3 id="DocIntroduction">Introduction</h3>
			<p>If an application requires login, it also needs to know the current user 
performing operations. While ASP.NET itself provides Session objects in the 
presentation layer, ASP.NET Boilerplate provides <strong>IAbpSession</strong> 
interface to obtain current user and tenant wherever needed.</p>

			<div class="bs-callout bs-callout-warning">
				<h4>About IAbpSession</h4>
				<p>IAbpSession
interface must be implemented in order to get actual session informations. While you can 
implement it in your own way, it's fully implemented in <strong>module-zero</strong> 
project.</p>
			</div>

			<p>IAbpSession is also fully integrated and used by other structures in ASP.NET 
Boilerplate (setting system and authorization system for instance).</p>

			<h3 id="DocInjectingSession">Injecting session</h3>
			<p>IAbpSession is generally <strong>
					<a href="/Pages/Documents/Dependency-Injection#DocPropertyInjection">
property injected</a>
				</strong> to needed classes unless it's not possible to 
work without session informations. If we use property injection, we can use
				<strong>NullAbpSession.Instance</strong> as default value as shown below:</p>
			<pre lang="cs">public class MyClass : ITransientDependency
{
    public IAbpSession AbpSession { get; set; }

    public MyClass()
    {
        AbpSession = NullAbpSession.Instance;
    }

    public void MyMethod()
    {
        var currentUserId = AbpSession.UserId;
        //...
    }
}</pre>
			<p>Since authorization is a application layer task, it's adviced to <strong>use 
IAbpSession in application layer and upper layers</strong> (we don't use it in 
domain layer normally). <strong>ApplicationService</strong>, <strong>
AbpController</strong> and <strong>AbpApiController</strong> base classes has
				<strong>AbpSession</strong> already injected. So, you can directly use 
AbpSession property in an application service method for instance.</p>
			<h3 id="DocUsingSession">Using session properties</h3>
			<p>AbpSession defines a few key properties:</p>
			<ul>
				<li>
					<strong>UserId</strong>: Id of the current user or null if there 
	is no current user. It can not be null if the calling code is authorized.</li>
				<li>
					<strong>TenantId</strong>: Id of the current tenant or null if there is 
	no current tenant.</li>
				<li>
					<strong>ImpersonatorUserId</strong>: Id of the impersonator user if 
	current session is impersonated by another user. It's null if this is not an 
	impersonated login.</li>
				<li>
					<strong>ImpersonatorTenantId</strong>: Id of the impersonator user's 
	tenant, if current session is impersonated by another user. It's null if 
	this is not an impersonated login.</li>
				<li>
					<strong>MultiTenancySide</strong>: It may be Host or Tenant.</li>
			</ul>
			<p>UserId and TenantId is <strong>nullable</strong>. There is also non-nullable
				<strong>GetUserId()</strong> and <strong>GetTenantId()</strong> methods. If 
you're sure there is a current user, you can call GetUserId(). If current user 
is null, this method throws exception. GetTenantId() is also similar.</p>
			<p>Impersonator properties are not common as other properties and generally used 
for <a href="/Pages/Documents/Audit-Logging">audit logging</a> purposes.</p>

		</div>

	</body>

</html>
